Privacy Policy

Version effective as of 1. April 2025

With this Data Protection Statement we, Lumé Events GmbH (hereinafter referred to as Lumé, we, or us), describe how we collect and further process personal data. This is not necessarily a comprehensive description; other privacy policies, general terms and conditions, contracts, and similar documents are applicable to specific circumstances. Personal data shall mean any information that identifies, or could reasonably be used to identify any person.

If you provide us with personal data of other persons (e.g., family members, data of colleagues or guests), please ensure that these respective persons are aware of this privacy policy, and only provide us with their data if you are allowed to do so and such personal data is correct.

We assume that the EU General Data Protection Regulation («GDPR») does not apply to the data processing we perform. In the event that it exceptionally applies to specific data processing, this privacy policy is designed to meet the requirements of both the Swiss Data Protection Act («DSG») and the EU General Data Protection Regulation. Whether and to what extent these laws (particularly the GDPR) apply depends on the individual case.

1. Controller / Data Protection Officer / Representative

The entity responsible for the data processing described here is Lumé Events GmbH, Zugerbergstrasse 20, 6300 Zug, unless otherwise communicated in individual cases. If you have any data protection-related concerns, you can address them to the following contact address:

Lumé Events GmbH
Zugerbergstrasse 20
6300 Zug
E-Mail: sharon@lume-events.com 

2. Collection and Processing of Personal Data

We primarily process personal data that we obtain as part of our business relationship with our customers and other business partners from them and other persons involved or that we collect or receive from users when operating our websites, social media, apps, and other applications.

Where permitted, we also obtain certain data from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, press, the internet including social media) or receive such data from authorities and other third parties (such as your employer or client who is in a business relationship with us or otherwise involved, business partners, contracting parties, event organizers, customers, internet analysis services, address traders, credit reporting agencies, etc.).

In addition to the data you provide directly, the categories of personal data that we receive from third parties about you particularly include information from public registers, information that we learn in connection with administrative and judicial proceedings, information related to your professional functions and activities (so that, for example, we can conclude and process business transactions with your employer with your assistance), information about you obtained from correspondence, other communication methods, and meetings with you or third parties, credit information (insofar as we conduct business with you personally), information about you that we receive from persons in your environment (family, advisors, legal representatives, employers, acquaintances, etc.) so that we can conclude or process contracts with you or involving you (e.g., references, your address for deliveries, powers of attorney, information for compliance with legal requirements such as anti-money laundering measures and export restrictions), personal information that we need from participants to conduct events (e.g., contact details, personal information, and dietary restrictions), information from banks, insurers, distributors, and other contractual partners to use or provide services through or for you (e.g., payments made, purchases made), information from media and the internet including social media about you (if relevant, e.g., in the context of a job application, press review, marketing/sales, contract fulfillment, etc.), your addresses and, if applicable, interests and other sociodemographic data (for marketing, event planning, etc.), data related to the use of the website (e.g., IP address, MAC address of smartphones or computers, device information and settings, cookies, date and time of the visit, accessed pages and content, used features, referring website, location data).

3. Purposes of Data Processing and Legal Bases

We primarily use the personal data we collect to conclude and execute our contracts with our customers and business partners, particularly in the context of providing services in the conception, planning, organization, execution, and coordination of events of all kinds, as well as providing consulting services for our clients. Furthermore, we use the collected personal data for the mediation and trade of products and services with our customers, suppliers, and subcontractors, and to fulfill our legal obligations domestically and abroad. If you work for such a customer or business partner or are a participant in an event, you may also be affected by this data processing in your role.

Additionally, we process personal data about you and other persons, where permitted and deemed appropriate, for the following purposes, where we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:

  • Offering and further developing our services, websites, other platforms, and apps where we are present;

  • Communicating with you and third parties and processing their inquiries;

  • Reviewing and optimizing procedures for needs analysis to enable direct customer contact and collecting personal data from publicly accessible sources for customer acquisition;

  • Advertising and marketing (including organizing events), provided you have not objected to the use of your data (if we send you advertising as an existing customer, you can object at any time, and we will add you to a suppression list to prevent further marketing messages);

  • Market and opinion research, media monitoring;

  • Asserting legal claims and defense in connection with legal disputes and administrative procedures;

  • Preventing and investigating criminal offenses and other misconduct (e.g., conducting internal investigations, data analysis for fraud prevention);

  • Ensuring our operations, particularly IT, our websites, and other platforms/apps;

  • Video surveillance to protect property rights and other measures for IT, building, and asset security, as well as the protection of our employees and other individuals, and values owned or entrusted to us (such as access controls, visitor lists, network and mail scanners, phone recordings);

  • Purchasing and selling business units, companies, or parts of companies, and other corporate transactions, including the transfer of personal data, as well as measures related to business management and control, and to comply with legal and regulatory obligations and internal rules of Lumé.

If you have given us your consent to process your personal data for specific purposes (for example, when registering for an event or subscribing to newsletters), we will process your personal data within the scope of and based on this consent, provided we have no other legal basis and require one. Consent can be withdrawn at any time, but this does not affect data processing already carried out.

4. Cookies / Tracking and Other Technologies Related to the Use of Our Website

a)   Cookies

We typically use "cookies" and similar technologies on our website that can identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored by your web browser on your computer or mobile device when you visit our website. When you visit this website again, we can recognize you, even if we do not know who you are. In addition to cookies that are used only during a session and are deleted after your website visit ("session cookies"), cookies can also be used to store user settings and other information for a specific period ("permanent cookies"). However, you can set your browser to reject cookies, store them only for a session, or delete them prematurely. Most browsers are preset to accept cookies.

We use permanent cookies to better understand how you use our offerings and content and to display offers tailored to you. If you block cookies, certain functionalities may no longer work.
By using our website and consenting to receive marketing emails, you agree to the use of these technologies. If you do not want this, you must adjust your browser or email program accordingly.

b)   Google Services

We sometimes use Google Analytics, Google Maps, or similar services on our websites. These are services provided by third parties, which may be located anywhere in the world (in the case of Google Analytics, it is Google Ireland (based in Ireland), with Google Ireland relying on Google LLC (based in the USA) as a data processor (both referred to as "Google"), www.google.com), which allow us to measure and evaluate the use of the website (not on a personal basis). Permanent cookies set by the service provider are also used for this purpose.

If you have registered with the service provider yourself, the provider also knows you. The processing of your personal data by the service provider is then carried out under the responsibility of the service provider in accordance with its data protection regulations. We only receive information from the provider about how our respective website is used (no personal information about you).

c)   Social-Media Plug-Ins

We also use so-called plug-ins from social networks, such as Instagram and LinkedIn, on our websites. This is visible to you (typically through corresponding symbols). We have configured these elements to be disabled by default. If you activate them (by clicking), the operators of the respective social networks can register that you are on our website and where, and they may use this information for their own purposes. The processing of your personal data then takes place under the responsibility of the operator according to its data protection regulations. We do not receive any information about you from them.

5. Social Networks

We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics). The platform providers can analyze your usage and process this data together with other data they already have about you. They also process this data for their own purposes (e.g., for marketing and market research purposes and to manage their platforms) and act as independent data controllers for this purpose. For more information on data processing by the platform operators, please refer to the privacy policies of the respective platforms. We currently use the following platforms, with the identity and contact details of the platform operator available in their respective privacy policies: Instagram (Provider: Meta Platforms Ireland Limited, Ireland); LinkedIn (Provider: LinkedIn Ireland Unlimited Company, Ireland)

6. Data Disclosure and Transfer Abroad

In the context of our business activities and the purposes outlined in Section 3, we may disclose data to third parties, as permitted and deemed appropriate, either because they process it on our behalf or because they wish to use it for their own purposes. This particularly concerns the following entities:

  • Our service providers (such as banks, insurance companies, accounting firms), including data processors (e.g., IT providers, cloud providers);

  • Dealers, suppliers, subcontractors, and other business partners;

  • Customers and other contractual partners;

  • Domestic and foreign authorities, offices, or courts;

  • Media;

  • The public, including visitors to websites, social media, and events;

  • Acquirers or prospective buyers of business units or the entire organization of Lumé;

  • Other parties in potential or actual legal proceedings; 

all collectively referred to as recipients.

These recipients may be located domestically or anywhere in the world. You should particularly expect the transfer of your data to any country where our service providers are located (such as Microsoft, Google) or where we conduct events for our customers.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with applicable data protection (using the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless they are already subject to a legally recognized framework to ensure data protection, or we can rely on an exemption. An exemption may apply, for example, in the case of foreign legal proceedings, in cases of overriding public interest, if contractual processing requires such disclosure, if you have given your consent, or if the data has been made publicly accessible by you without objection to its processing.

7. Duration of Retention of Personal Data

We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations or other purposes pursued in connection with the processing. This typically covers the entire duration of the business relationship (from initiation, execution, to termination of a contract) and beyond, in accordance with statutory retention and documentation obligations. It is possible that personal data may be retained for the period during which claims can be made against our company, as well as when we are legally obligated to do so or when legitimate business interests require it (e.g., for evidence and documentation purposes). Once your personal data is no longer necessary for the purposes mentioned above, it will generally be deleted or anonymized, to the extent possible.

8. Data Security

We take appropriate technical and organizational security measures to maintain the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing, and to counter the risks of loss, accidental alteration, unintended disclosure, or unauthorized access (e.g., IT and network solutions, access controls and restrictions, encryption of data carriers, and instructions to our employees).

9. Obligation to Provide Personal Data

Within the scope of our business relationship, you must provide the personal data necessary to establish and carry out a business relationship and fulfill the associated contractual obligations (generally, you are not legally obliged to provide us with data). Without this data, we will usually not be able to enter into or execute a contract with you (or the entity or person you represent). Additionally, the website cannot be used if certain information necessary to ensure data traffic (such as the IP address) is not disclosed.

10. Rights of the Data Subject

Within the scope of the applicable data protection law and as provided therein (such as in the case of the GDPR, where applicable), you have the right to access, rectify, and delete your data, as well as the right to restrict data processing and object to our data processing, particularly in the case of direct marketing and other legitimate interests in processing. You also have the right to request the release of certain personal data for transfer to another entity (so-called data portability). Please note that we reserve the right to enforce statutory restrictions, for instance, if we are obligated to retain or process certain data, have a prevailing interest (where we are entitled to do so), or require the data for asserting claims. If any costs arise, we will inform you in advance. We have already informed you about the possibility of withdrawing your consent in section 3. Please be aware that exercising these rights may conflict with contractual agreements and could result in consequences, such as early contract termination or cost implications. In such cases, we will inform you in advance unless already contractually regulated.

The exercise of such rights generally requires you to clearly verify your identity (e.g., by providing a copy of an ID if your identity is not otherwise evident or verifiable). To assert your rights, you may contact us at the address specified in section 1.

Furthermore, every data subject has the right to enforce their claims in court or file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC) (http://www.edoeb.admin.ch).

11. Amendments of this Data Protection Statement

We may amend this Privacy Policy at any time without prior notice. The currently published version on our website is applicable. If the Privacy Policy is part of an agreement with you, we will inform you about changes by email or through other appropriate means in the event of an update.

*****